BitBoxSwiss / bitbox02-firmware

Firmware code of the BitBox02 hardware wallet
https://bitbox.swiss/bitbox02
Apache License 2.0

Include a secure method to delete SD Card #1047

Closed satoshinotdead closed 1 year ago

satoshinotdead commented 1 year ago

At the moment we need to destroy the SD card if we don't want to back up our keys without encryption.

That's unacceptable from a top-line product like the BitBox02.

benma commented 1 year ago

Hi.

The sdcard backup is equivalent to the 24 recovery words that you can write down on paper, which are also not encrypted.

We didn't include a way to delete the backup because it is not clear if/how the bytes can really be wiped securely, and also to avoid users accidentally deleting important backups. Better to have one too many backups than one too few.

Hope this helps.

benma commented 1 year ago

Closing as wontfix according to the above comment.

satoshinotdead commented 1 year ago

> Hi.
>
> The sdcard backup is equivalent to the 24 recovery words that you can write down on paper, which are also not encrypted.
>
> We didn't include a way to delete the backup because it is not clear if/how the bytes can really be wiped securely, and also to avoid users accidentally deleting important backups. Better to have one too many backups than one too few.
>
> Hope this helps.

That's not equivalent to 24-words because I already got the 24-words.

That's an obligatory huge security risk that your software needs to make optional or solve by adding a secure way of destroying it.

I totally disagree with closing this.

benma commented 1 year ago

> That's not equivalent to 24-words because I already got the 24-words.

I meant equivalent with respect to encryption: your 24 words are not encrypted, the sdcard backup is not encrypted. You can store both in the same location with the same security.

benma commented 1 year ago

By the way, we plan on allowing wallet creation without making an sdcard backup at all, which could also alleviate your concern.

satoshinotdead commented 1 year ago

> I meant equivalent with respect to encryption: your 24 words are not encrypted, the sdcard backup is not encrypted.

Sorry but I'm not talking about my written seed and you really don't know if I have it encrypted or not.

> we plan on allowing wallet creation without making an sdcard backup at all

Fair enough, that will solve the issue. May I ask an approximate ETA? Next big update, probably?

Thanks for your follow-up 👍

benma commented 1 year ago

> May I ask an approximate ETA? Next big update, probably?

It is planned and in the works, that means it will likely be in the next release or in the release after that (though note that priorities can sometimes change on short notice).